Do you have any more info on Cacti, and how you are monitoring your units.
tony
*********** REPLY SEPARATOR ***********
On 12/16/2003 at 10:15 PM KSM wrote:
>I know this is a moot point as far as some networking is concerned, but
>I will put it out there anyways, if only to hear you all's thoughts.
>
> My network is 100% Lucent hardware with varying versions of the
>firmware instilled in each unit. (I am holding out till we have the
>financial backing to upgrade the ones that aren't already Karlnet..) It
>is also a bridged network, with reason. (see below)
>
> I am currently having to remove customers (temporarily) who get viruses
>on their computer, in particular ones that scan (SYN, etc.) My "guess"
>is that the amount of packets per second with a virus that scans subnet
>classes (& ports) to find hosts is greater than what the hardware can
>handle, and it makes the unit practically unreachable to remove the MAC
>of the unfortunate victim. I have a decent system for response and
>triage, but have been curious as to what else can be done. It has a
>tendency to bring negative feelings towards my company as an ISP when
>the network has these moments, and I don't like having to call customers
>and deny them service due to what is a common problem in today's world.
>
> My thoughts are to
>1. Instill some kind of pre network virus software. We do not at the
>moment simply due to the overhead our gateway deals with for what it's
>responsibilities are, and I am in the process of redesigning and
>improving the set-up. It is directly proportional to how fast my Linux
>skills are improving. :) (including instilling Cacti to monitor my
>links, as it has Karlnet SNMP and MIBs built in!)
>
>2. (since above alone cannot be 100% efficient... nothing is)
> Upgrade to the latest Karlnet release which had firewalling built
>in. But this is where (finally) my questions come to light:
>
> Does it keep the unit from being stoned if it is blocking the ports, or
>does it merely keep the units post its hierarchy in the network from
>also getting bitten? My thoughts say that if it even filters the port,
>it has to respond, say with a RST, which means it will be consumed
>anyways (probably even more so).
>
> My network is bridging (as of moment), mainly due to its original
>design. I am aware that instilling "cloud" networks NATed on the end
>would eliminate a lot of network wide issues, but (see above) am
>currently in the process of dealing with how this interaction would
>break our network and what its limitations are, (including
>instilling radius to keep my authentication central, which is an
>integral part to our current network architecture.) I have yet to have
>a huge amount of luck with Karlnet Config being able to scan across
>subnets, and like the visibility and control of a bridged system as well.
>this IS wireless :0
>
> Since I am an ISP, port filtering is something I try to avoid to keep
>my customers options open, and keep the "pipe" as intact as possible,
>(although our firewall is blocking "some" known evil ports.) Anyone else
>share this opinion?
>
> As you can tell, I am quite long winded, but always appreciate the
>chance to share my thoughts with the community. Any feedback or
>otherwise is appreciated.
>
>Thanks in advance!
>
>Scott
_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet
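Scott's triage problem above (a worm on one customer host SYN-scanning whole subnet classes and stoning the bridge before the MAC can be pulled) can be caught earlier by watching per-MAC SYN fan-out on the wired side of the bridge. The following script is an added example, not code from the thread or from Karlnet or Cacti: it runs a sliding-window scan detector over flow records that are constructed inline here (in practice they would come from a sniffer or flow export at the gateway, which is an assumption), and flags any source MAC that hits too many distinct targets or too high a SYN rate. The thresholds (32 targets, 20 SYN/s in a 10 s window) are assumptions to tune per network; the thread gives no numbers.

```python
"""
Per-MAC SYN fan-out triage over constructed flow records (added example).

Flags customer MACs that behave like the scanning worms described in the
thread: many SYN-only packets to many distinct hosts/ports in a short
window. The flow records are CONSTRUCTED for this example; the MACs,
IPs and thresholds are placeholders, not values from the mailing list.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds (constructed timestamps)
    src_mac: str     # client MAC on the bridged segment, what gets removed today
    src_ip: str
    dst_ip: str
    dst_port: int
    syn_only: bool   # TCP SYN without ACK: a new connection attempt


def build_sample_flows():
    """Constructed sample: .5 is a normal web/mail user, .9 sweeps a /24."""
    flows = []
    # Normal host: five connection attempts to three destinations over 4 s.
    for i, port in enumerate([80, 443, 80, 25, 110]):
        flows.append(Flow(1000.0 + i, "00:aa:bb:cc:dd:05", "10.1.0.5",
                          f"203.0.113.{i % 3}", port, True))
    # Scanning host: SYN to 60 different hosts on port 135 within ~3 s.
    for i in range(60):
        flows.append(Flow(1000.0 + i * 0.05, "00:aa:bb:cc:dd:09", "10.1.0.9",
                          f"10.1.{1 + i // 254}.{1 + i % 254}", 135, True))
    return flows


def find_scanners(flows, window=10.0, max_targets=32, max_syn_rate=20.0):
    """
    Return {src_mac: summary} for every source that, inside any `window`
    seconds, SYNs to more than `max_targets` distinct (dst_ip, dst_port)
    pairs or exceeds `max_syn_rate` SYNs per second. Thresholds are
    assumptions; tune them against Cacti/SNMP baselines for your links.
    """
    by_src = defaultdict(list)
    for f in flows:
        if f.syn_only:                      # only connection attempts count
            by_src[f.src_mac].append(f)

    offenders = {}
    for mac, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        worst_targets, worst_rate = 0, 0.0
        start = 0
        for end in range(len(fl)):
            # Slide the window start forward until it spans <= `window` s.
            while fl[end].ts - fl[start].ts > window:
                start += 1
            seg = fl[start:end + 1]
            targets = len({(f.dst_ip, f.dst_port) for f in seg})
            # Rate over the observed span, floored at 1 s so a lone SYN
            # does not produce an absurd per-second figure.
            rate = len(seg) / max(fl[end].ts - fl[start].ts, 1.0)
            worst_targets = max(worst_targets, targets)
            worst_rate = max(worst_rate, rate)
        if worst_targets > max_targets or worst_rate > max_syn_rate:
            offenders[mac] = {
                "src_ip": fl[0].src_ip,
                "distinct_targets": worst_targets,
                "syn_per_sec": round(worst_rate, 1),
            }
    return offenders


if __name__ == "__main__":
    for mac, info in find_scanners(build_sample_flows()).items():
        print(f"candidate for removal: {mac} {info}")
```

The output is a list of MACs with the evidence behind each flag, which is exactly what a tech needs before pulling a customer: the decision is made from the wired side before the scan traffic has a chance to make the wireless unit unreachable. Tuning `max_targets` and `max_syn_rate` against the normal per-link figures Cacti already graphs keeps heavy but legitimate users (mail servers, P2P) from being swept up with the worms.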